Skip to content
View rnjudge's full-sized avatar
78 followers · 2 following

Achievements

Achievement: Galaxy BrainAchievement: YOLOAchievement: Pull Sharkx3Achievement: Arctic Code Vault Contributor

Achievements

Achievement: Galaxy BrainAchievement: YOLOAchievement: Pull Sharkx3Achievement: Arctic Code Vault Contributor

Organizations

@act-project

Block or report rnjudge

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
rnjudge/README.md

Hi 👋

I'm Rose and I'm a Senior Open Source Engineer on the OSPO Supply Chain Security team at VMware. As part of my role there I maintain Tern, a container inspection tool that helps users better understand their container supply chain. I also focus a great deal on open source tooling for Software Bill of Materials (SBOMs) and how, as an ecosystem, we can generate and exchange SBOMs more efficiently. Prior to VMware, I worked on embedded Linux distributions at IBM.

Open Source

Most of my work revolves around open source. I'm a contributor to the SPDX Tech and Security specification and lead the SPDX Implementers working group. I'm currently the chair of the Automating Compliance Tooling Technical Advisory Council as well as the Chair of the SPDX Steering Committee and speak at Open Source conferences around the world. I sometimes write blogs for my employer about a variety of Open Source topics, too (Reproducible builds, anyone?). I was even lucky enough to have my open source journey profiled for the GitHub ReadME project.

Nonscholastic

When I'm not working from home you'll find me skiing ⛷️, running 🏃‍♀️, or riding my bike 🚴‍♀️ with my family.

Pinned Loading

  1. tern tern Public

    Forked from tern-tools/tern

    Open Source compliance for containers

    Python 2

  2. tern-tools/tern tern-tools/tern Public

    Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-…

    Python 967 188

  3. purl-spec purl-spec Public

    Forked from package-url/purl-spec

    A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

  4. act-project/TAC act-project/TAC Public

    Automating Compliance Tooling Project

    20 4

  5. meetings-1 meetings-1 Public

    Forked from spdx/meetings

    This repository stores meetings minutes for the SPDX project

  6. spdx-spec spdx-spec Public

    Forked from spdx/spdx-spec

    The SPDX specification in MarkDown and HTML formats.

    HTML